All I wanted to do was get the phone number of the place I get my
blood tests, so I could call them today and find out how much a couple
special order tests cost if I have to pay for them myself. (My
doctor and I are not seeing eye-to-eye on everything lately.)
And it suggests I sign in, and I can pay my bill and make
appointments, the standard stuff. But it seems to say I can also
read the test results, which might mean I can read them for tests I
had a while ago, results which didn't matter when I got them but might
matter retroactively now. They probably do a better job of keeping
So I signed up, all the while thinking, How is it going to decide it's
me. Won't I have to go to the office and show my driver's license.
After all this has the normal concern for privacy plus the HIPAA
Soon after I found out how. It wanted the last 4 digits of my SSN. I
don't remember ever telling the lab this number, but it's part of my
Medicare number. (Identity theft coming your way!)
Then it asked what color my car is. I know I never told them what
kind of car I have but they knew the year, make and model. They gave
5 choices and my color was one of them.
Then they wanted to know which of 5 choices I ever worked at, and they
had a place I worked at 20 years ago.
Then they wanted to know which city out of 5 I went to college, 45
years ago, and they included the right city.
On the next page they wanted to know about another car I ever owned or
leased, and gave 5 choices. 1988 Chrysler Lebaron was one of them
but what's really amazing is that they called it a 1988 Chrysler
Lebaron Highline. I thought it was a trick. I owned the car for 7
years and never heard it called a Highline. I never heard or read the
word at all. I think I had the owners manual too, and I'm sure I
have the shop manual. (It's in the basement.) But I googled, and
that's what it seems to be called! Wikip says Highline - 19851989
Then they gave 5 choices of when I bought my house and one of them was
right, including the month, even though it was 32 years ago.
I didn't tell them any of these things. In the middle of the night
they knew. Scary, huh?
Google is not the only one who knows all about you.
(Every question also had a none-of-the-above style choice)
Anyhow, it accepted me and let me file a request for a test result. I
think it was 6 days ago and they want 7 days
It said something like:
Must be within 60 days
And I thought that meant if I had a test within 60 days of the date,
they'd find it. But it seems to mean I can only go back 60 days.
For 10 more dollars, I can go back to 2010. But what I need now is
a list of dates I had tests. If I have to tell them the date,
spending 10 dollars won't get me anything.
Are you dealing with the lab? Perhaps your doctor or medical group has
that information available at no cost. With "My Chart" that our medical
group uses we can go back a number of years. I can even to it from my
That's a good idea. I read the group's webpage and I don't think it
mentioned it. But the $10 is a one-time fee and it would be worth it
to have both current doctors' lab tests and maybe others in the
future. However it turned out late yesterday that it's not available
in Maryland. All my blood etc. tests were normal until 9 days ago
(except the parathyroid, which is normal again after the simple
surgery.) but this time a lipid was marginal, I think he said.
This lab has the phone thing too, but they wanted more than 10
dollars for the phone! ;-)
Turns out in Md. the law prevents them from sending the results until
I ask for them. Since automatic sending is part of the $10 fee,
maybe that's why I can't get advanced at all, so I'm going to try to
get them to make automatic sending unavailable in Maryland. Of course
that's so obvious they would have though of that, so maybe there's
But for free with what I signed up for yesterday I can get anything 2
days after the doctor does, and I can save it on my computer one test
at a time, but won't have it nicely packaged like they said they would
On Tuesday, December 22, 2015 at 6:05:10 AM UTC-5, Micky wrote:
I've experienced the same type of security questionnaire. If memory serves
me correctly, the FASFA website uses those types of questions when you
forget your password.
I agree that it can be a bit unnerving. You never specifically submitted
those answers like you do at other websites where you build your own
questionnaire by using the drop-down menu to pick a question (e.g. "What
is the first name of your Best Man?")
I don't know if the website you used was government related in any way
(you mentioned Medicare) but the FASFA website is, so perhaps that's
I did one of those recently and it was a pain in the butt. Where were
you born? Wrong! it has to be at least six characters. What street did
you live on? Wrong! It has to be at least six characters. There were a
couple more like that.
Some time ago when sites first started with that I registered and
promptly forgot my password. I think it was AT&T. Okay, do the I forgot
my password thing.
"What is the answer to your secret question?" Oh, come on, at least
give me a clue to what the frigging secret question was. I can't
remember the password and I'm supposed to remember which stupid secret
question I picked?
Early on I decided not to use my full name on the net unless I was
spending money and I had to pay (or online banking or medicine), so
when I signed up for yahoo email, I lied about my birthday. Then I
forgot my password and couldn't remember the phony birthday either.
I was stuck and had to make another yahoo account. I guess this was
20 years ago. Every few years I write to my old address to see if it
bounces. And if it does I try to sign up for it again because I
liked the name better. IIRC it bounced but I still coudn't sign up
for that address. I just wrote my old address again.
Now I take the email they send me saying I'm enrolled in something and
I copy in the userid and password and maybe other stuff, and I store
all of them in a mailbox, in alphabetical order. Before I go out of
town I copy the mailbox to my laptop OR I go through and copy to paper
the small number I really need. I also take snapshorts of the
password pages of Firefox settings and insert them in the mailbox.
| I didn't tell them any of these things. In the middle of the night
| they knew. Scary, huh?
| Google is not the only one who knows all about you.
Google knows what you're doing. I think the
tests you describe are using services like
LexisNexis. That is, companies pay for access
to databases where they can look things up.
(Ever notice how people search pages often
have an option to pay for more info?) Those
databases are owned by companies that just
collect and resell data of all kinds.
I remember reading, some years ago, that when
one calls a car dealer they know how to sell to
you before a salesman gets on the phone: income,
car buying history, etc.
So the test you saw was from a combination of
sources, probably mostly public records.
Yes, and I did that once. The one that was offerred was cheap, but it
gave very little information. The bulk of it was sex offender
information and not that the guy was a sex offender, which would have
been very important, but he probably wasn't, but all the sex offenders
who lived in his zip code. This was to be a business arrangement
with someone who lived in another city. Other than my distaste for
sex offenders, I don't care how many live in his zipcode. But it
made the report look big when it was thin.
I had hoped it would include criminal information, like whether he'd
been convicted of fraud -- I can't remember why I thought it would --
but it didnt' and it might not have even checked.
I was reading that Ted Cruz has his door-to-door campaign workers in
Iowa outfitted with tablets, and they know all kinds of background
about the people in the homes that walk up to, traditional,
non-traditional, anti-traditional, etc. etc. and they're coached on a
different pitch for each kind of person. If they did that to me, I
would find that two-faced, or 8-faced.
I only have one facebook page, so I can be friends with my niece, and
it has no information on it, not even my real name.
I don't think where i worked is supposed to be public. It's not a
secret, but it shoudln't be in any records except the employer's and
ONly the DMV and the sellers know what cars I've owned. In the case
of one of the cars mentioned, the seller was an out of state dealer
and for the other, the seller was a private party That leaves the
DMV. Can you go to your DMV and give them someone's name and
address and find out what car they own now and owned 11 years ago? I
dont' think so. So if you can't do it, why can they?
Where I went to college is also not a secret, but I've only told grad
schools and prospective employers who are supposed to keep their
student/personnel records confidential. When hackers break into
corporate records, do they steal the college background of employees,
to sell it to medical labs who want to verify who I am? Seems
OTOH, when I bought my house is definitely public. I've looked up a
couple of my neighbors and can see when they bought their houses and
how much they paid, as they can with me. (In NYS it's often recorded
as $1 and other valuable consideration, but not here I guess.) I
looked up the President-For-Life of my HOA, a lying, cheating,
stealing, obnoxious woman, and found that she'd bought her own house
and a house for her son (That's fine. He probably had no credit) and
she claimed both times that she'd never collected the Homestead Credit
that Maryland allows in many or all situations, but only once. So she
perjured herself on the form and illegally collected the credit a
second time. (An image of the entire form is online, not just the
information in it.) These things were always public, but you had to
go to the county seat, to the county clerk's office, during business
hours, and work your way through the files. Now you can read this
stuff at home 24/7.
| I only have one facebook page, so I can be friends with my niece, and
| it has no information on it, not even my real name.
You shouldn't talk about that. Mark Zuckerberg
and his sidekicks are trying to crack down on
pseudonym pages. They don't want you to have
privacy. They want to optimize what they can
charge for ads on your page, and for that they
need to know all about you and your friends. If
they figure out you're using a pseudonym they'll
close your page.
(There was an interesting story awhile back about
people who lost their Facebook pages because
they had odd names that sounded like they might
Some time ago I came across a truly chilling quote
from Cheryl Sandberg, the Facebook "COO". It's
interesting in that it shows just how far these people
have strayed from basic honesty and integrity...
apparently without even realizing it. She said that
Facebook "enables brands to find their voices. and to
have genuine, personal relationships with their
customers" ... "to make marketing truly social".
She's calling advertisers and their clients your friends!
That's what Zuck is talking about when he says he
wants to connect the whole world. It's reminiscent of
the old Twilight Zone episode (or was it Outer Limits?)
about the nice aliens who land and demonstrate their
good intentions with a book called "How to Serve Humans".
A scientist figures out, only after it's too late, that it's
a cookbook. :)
| Can you go to your DMV and give them someone's name and
| address and find out what car they own now and owned 11 years ago? I
| dont' think so. So if you can't do it, why can they?
I don't know. I suspect there's a difference between
an individual, with unknown intentions, and a private
investigator, bank, or insurance company when it comes
to getting such info.
But the real change is computerization. The info is all
in databases where it used to be on paper, in file cabinets.
Digitization means nearly all data is easy to access,
analyze and cross reference. That's a profound change.
Your car insurance company knows your car model and
driving record. There's no reason to assume they haven't
sold that data. The DMV (Registry of Motor Vehicles in my
neck of the woods) may also make their records available
to dataminers. I wouldn't be at all surprised to learn that
those records are being sold. ("Hey, do you wanna sell data
or do you want higher taxes?")
CVS now sells your personal medical info to drug companies
for marketing purposes, if you buy any drugs from CVS. Your
doctor can't legally do that, but there's no law about CVS
selling their business records. Privacy regulations, which were
never important before computers, simply haven't caught
up. And they may not, given the power of lobbyists. Selling
data and targetting ads is already a massive industry. If
you think of CVS and imagine how many similar cases there
may be, there's a good chance that companies like
LexisNexis know more about you than you do... far more.
Their memory is perfect.
Actually your doctor could sell every bit of medical they want to,
just like CVS. But just like CVS, they'd have to get your permission.
Unlike CVS, they don't have this frequent shopper card that nobody ever
reads the fine print.
| > CVS now sells your personal medical info to drug companies
| > for marketing purposes, if you buy any drugs from CVS. Your
| > doctor can't legally do that, but there's no law about CVS
| > selling their business records. Privacy regulations, which were
| > never important before computers, simply haven't caught
| > up. And they may not, given the power of lobbyists. Selling
| > data and targetting ads is already a massive industry. If
| > you think of CVS and imagine how many similar cases there
| > may be, there's a good chance that companies like
| > LexisNexis know more about you than you do... far more.
| > Their memory is perfect.
| Actually your doctor could sell every bit of medical they want to,
| just like CVS. But just like CVS, they'd have to get your permission.
| Unlike CVS, they don't have this frequent shopper card that nobody ever
| reads the fine print.
Loyalty cards are a separate issue. There are various
wrinkles in this. CVS was sued for marketing directly
There have been issues with selling data directly to
drug makers. Maybe it's anonymized and then
de-anonymized. Maybe it isn't. In any case,
there's no permission involved:
There's also an issue with medical data sold by
gov't agencies, which then sell it to data miners:
In other words, there are various ways around
permission requirements, if they even exist.
It's unclear to me in all this what the exact law
is related to doctors, CVS and permission. My
understanding was that a doctor cannot sell data,
but a non-medical business can. I may be wrong.
If you know otherwise, or more, I'd be interested
to see the links that explain it.
The two major (federal) ones is the Health Isurance Portability and
Accountability Act. (The best resource is
and he Health Information Technology for Economic and Clinical Health
Act (HITECH Act)
| > It's unclear to me in all this what the exact law
| > is related to doctors, CVS and permission. My
| > understanding was that a doctor cannot sell data,
| > but a non-medical business can. I may be wrong.
| > If you know otherwise, or more, I'd be interested
| > to see the links that explain it.
| The two major (federal) ones is the Health Isurance Portability and
| Accountability Act. (The best resource is
| and he Health Information Technology for Economic and Clinical Health
| Act (HITECH Act)
Those links seem to be for vast plans to regulate
health plan medical records and digitization
standards. I was talking about specific information
about specific laws, or lack thereof, governing
the sale of medical data. I thought I had read
in one of the CVS articles that doctors could
not legally share data, but that other businesses
could get around that. As one can see from my links,
they are getting around it one way or another.
What's not clear from my links is whether they
can just sell the data directly in a legal way,
without getting permission.
All medically related privacy laws flow from one of the two at least
at the federal level. At least under HIPAA (I havent worked as much with
HITECH, although that would talk about data transmission from electronic
health records. The holy grail is Personal Health Information (PHI).
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.